
Sunday, May 15, 2011

Distributed Denial of Service Attacks (DDoS)

Are you Denied Access to Any Website or Internet?

A web server goes down and people are unable to reach it. This is the pattern of recent attacks on a few popular sites, and it has taken on new dimensions: from the plain Denial of Service (DoS) attack to DDoS (Distributed Denial of Service) and DRDoS (Distributed Reflected Denial of Service). A denial of service attack may target a single system, yet its effect is felt by the entire network. If the internet bandwidth between the server and the router is saturated, the intranet behind it cannot function either. Carried out on a large scale, DoS and DDoS attacks can effectively cut off huge geographical sections of the internet.

Denial of Service Attacks
An attack made across the internet (network) from a single system with a higher-bandwidth connection, which causes the destination (a single system or a network) to stop functioning properly and eventually crash, is termed a DoS (Denial of Service) attack. The ways this has been done in the past are to:
  • Make a device dysfunctional, by deleting or changing the device's configuration or by interrupting its power.
  • Overwhelm a device with bogus service requests so that it is unable to function properly. This is an attack on the computational resources of the device or system: overloading them degrades service to the point where the device or system crashes.
  • Consume the network bandwidth by flooding a system.
  • Nuke attacks use a modified ping utility to continually send fragmented ICMP packets to the target, slowing down the affected computer. "Nuke" also refers to sending a continuous stream of messages in an instant messenger or online game; flood-control measures have since been put in place by third parties to stop this.
  • WinNuke is a remote denial of service affecting the Windows 95, NT and 3.1x operating systems. The exploit sends out-of-band data to the target computer, causing the blue screen of death.
  • Ping of Death is the sending of a malicious ping to a computer system. A ping is usually 64 bytes in size. Sending a ping larger than 64 bytes crashed the system because of a buffer overflow that occurred while the packet was being reassembled. This is an exploit of the past, since remedial measures have been implemented in the affected systems and devices: UNIX, Linux, Mac, Windows, printers and routers.


Tools for DoS Attacks

Some of the techniques and tools used for DoS attacks are listed below.
  • Ping flooding is another widespread technique: the system is flooded with pings so that normal traffic cannot reach it.
  • Smurf uses spoofed broadcast ping messages in its denial of service attack. A large amount of ICMP echo (ping) traffic is sent to a broadcast address with the source address set to the target's IP address. On a multi-access broadcast network many machines reply to each packet, and all of those replies flood the target. Using a secure router with proper configuration mitigates this problem.
  • A UDP flood attack sends a large number of UDP packets to random ports. If no application is listening on a port, the machine replies with an ICMP "destination unreachable" packet. With a large number of packets from spoofed addresses, the victim's computational resources are consumed, slowing traffic on the network and reducing available bandwidth.
  • A LAND attack sends a spoofed TCP SYN packet to the target's IP address in which the source and destination addresses are both the target's own address. This causes the machine to reply to itself continuously. It is a security flaw that was discovered in Windows Server 2003 and Windows XP. Other services that have been hit by LAND attacks are SNMP, Kerberos (88/TCP) on Windows, and the chargen port on UNIX systems. This is also called a banana attack, because outgoing messages are redirected back to the client itself.
  • Teardrop is a remote denial of service carried out by sending IP fragments with overlapping payloads. When the fragments are reassembled, the operating system crashes due to a bug in the reassembly code.
  • Spam is a denial of service too, although one limited to your mailbox.
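The patterns listed above (ping flood, UDP flood to random ports, LAND, Ping of Death) each leave a recognisable trace in traffic. The following is an added example written for this page, not code from the original post: a small Python analyzer that applies the defining check for each pattern to a list of packet records. The `Packet` record, the thresholds and the sample traffic are all constructed here for illustration; a real deployment would feed it records decoded from a capture. The 65535-byte limit used for the Ping of Death check is the maximum size of a reassembled IPv4 datagram.

```python
from collections import defaultdict
from dataclasses import dataclass

MAX_IP_DATAGRAM = 65535   # largest legal IPv4 datagram after reassembly


@dataclass
class Packet:
    """Constructed packet summary; real code would fill this from a capture."""
    src: str
    dst: str
    proto: str            # "icmp", "tcp" or "udp"
    ts: float             # arrival time in seconds
    length: int = 64      # bytes of payload carried by this fragment
    frag_offset: int = 0  # IP fragment offset, already converted to bytes
    flags: str = ""       # TCP flags, e.g. "S" for SYN
    dport: int = 0        # destination port for TCP/UDP


def is_land(p: Packet) -> bool:
    """LAND: a SYN whose source address equals its destination address."""
    return p.proto == "tcp" and "S" in p.flags and p.src == p.dst


def is_oversized_fragment(p: Packet) -> bool:
    """Ping of Death: a fragment that would reassemble past the 65535-byte IP limit."""
    return p.proto == "icmp" and p.frag_offset + p.length > MAX_IP_DATAGRAM


def flood_sources(packets, proto, window=1.0, threshold=100):
    """Sources sending more than `threshold` packets of `proto` in any `window`-second bucket."""
    buckets = defaultdict(int)
    for p in packets:
        if p.proto == proto:
            buckets[(p.src, int(p.ts // window))] += 1
    return sorted({src for (src, _), n in buckets.items() if n > threshold})


def udp_port_scatter_sources(packets, window=1.0, threshold=20):
    """UDP flood: sources whose UDP packets hit more than `threshold` distinct ports in one window."""
    ports = defaultdict(set)
    for p in packets:
        if p.proto == "udp":
            ports[(p.src, int(p.ts // window))].add(p.dport)
    return sorted({src for (src, _), s in ports.items() if len(s) > threshold})


def analyze(packets):
    """Return, per attack pattern, the sorted list of source addresses that match it."""
    return {
        "land": sorted({p.src for p in packets if is_land(p)}),
        "ping_of_death": sorted({p.src for p in packets if is_oversized_fragment(p)}),
        "icmp_flood": flood_sources(packets, "icmp"),
        "udp_flood": udp_port_scatter_sources(packets),
    }


# Constructed sample traffic (not a real capture); VICTIM is the host being watched.
VICTIM = "192.0.2.10"
SAMPLE = []
# Benign traffic: a few SYNs to port 80 and a handful of pings.
SAMPLE += [Packet("198.51.100.5", VICTIM, "tcp", t * 0.1, flags="S", dport=80) for t in range(5)]
SAMPLE += [Packet("198.51.100.6", VICTIM, "icmp", t * 0.2) for t in range(4)]
# 150 pings from one source inside a single second: ping flood.
SAMPLE += [Packet("203.0.113.9", VICTIM, "icmp", i / 200.0) for i in range(150)]
# One SYN whose source equals its destination: LAND.
SAMPLE.append(Packet(VICTIM, VICTIM, "tcp", 0.5, flags="S", dport=139))
# A fragment that would end past byte 65535 of the datagram: Ping of Death.
SAMPLE.append(Packet("203.0.113.7", VICTIM, "icmp", 0.6, length=100, frag_offset=65520))
# UDP packets sprayed over 40 distinct ports from one source: UDP flood.
SAMPLE += [Packet("203.0.113.8", VICTIM, "udp", 0.3 + i / 1000.0, dport=1024 + i) for i in range(40)]

if __name__ == "__main__":
    for kind, srcs in analyze(SAMPLE).items():
        print(f"{kind:14s} {srcs}")
```

The thresholds (100 ICMP packets per second, 20 distinct UDP ports per second) are illustrative; on a real link they must be tuned to the normal traffic level, and the flood counters only identify the address in the packet, which in a spoofed flood is not the real sender.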
Distributed Denial of Service Attacks
In a distributed DoS attack the host computers that carry out the attack do not know that they are taking part in it. These compromised computers belong to a botnet and are controlled by a bot master who "remote controls" them. This zombie army is then directed at specific targets. With all of these slave machines hitting one IP address, the target machine is flooded with a large number of packets, often carrying spoofed IP addresses. Even well-connected websites can be brought down this way. Targets may be routers, mail servers, DNS servers, websites and so on. One example of denial of service software is Stacheldraht, which combines UDP flood, ICMP flood, TCP SYN flood and Smurf attacks for a DDoS.
Distributed Reflected Denial of Service
In this attack the source address of each packet is spoofed to that of the target computer. Forged requests carrying the target's address are sent to a large number of computers, and every one of those computers sends its reply to the forged source address, which is the victim.
How to Prevent Denial of Service Attacks
Prevention is the best way to avoid DoS attacks, and even DDoS attacks driven by bots such as Agobot and DSNX (Dataspy Network X, a DDoS bot whose C++ source code is available). Some of the following methods may help you and some may not, depending on the operating system and the configuration of your server.
  • Apply service packs and patches as soon as they are available.
  • Configure all your ports properly, disabling any port or network service you are not using. This limits what an intruder can reach.
  • Enable the quota system if your operating system supports it. It helps keep critical files and other resources out of other users' reach.
  • Observe system performance and stay aware of normal working and internet speeds, so that you can tell when something is slowing your system down.
  • On large networks, examine the physical security of your devices in addition to their network security.
  • Use tools that notify you about changes to configuration or to other files.
  • Maintain proper password policies.
  • Firewalls and access policies help to some extent but cannot prevent an all-out attack. Modern inspection firewalls and routers such as Check Point FW-1 NGX and Cisco PIX are built to differentiate good traffic from bad and can help prevent a DoS attack.
  • The best way to prevent DoS and DDoS is tracking down and shutting down botnets.
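Two of the controls above can be expressed as concrete packet-level rules: the reflected attack described under "Distributed Reflected Denial of Service" depends on forged source addresses, which ingress filtering at the network edge (checking that a packet's source address is plausible for the interface it arrived on, the approach known as BCP 38) drops, and the "firewalls and access policies" item is usually realised as a per-source rate limit. The following is an added example written for this page, not code from the original post or from any named firewall product. The `EdgeFilter` class, its interface names `inside` and `outside`, the internal prefixes and the sample events are all constructed assumptions for illustration.

```python
import ipaddress
from collections import Counter, defaultdict, deque


class EdgeFilter:
    """Two defensive checks a border device applies to each inbound packet.

    1. Anti-spoofing (BCP 38 style ingress filtering): a packet arriving on
       the `outside` interface must not claim an internal source address, and
       a packet arriving on the `inside` interface must claim one.
    2. Per-source rate limit: more than `limit` accepted packets from one
       source within `window` seconds is treated as a flood and dropped.
    Interface names and the internal prefix list are assumptions of this example.
    """

    def __init__(self, internal_prefixes, limit=50, window=1.0):
        self.internal = [ipaddress.ip_network(p) for p in internal_prefixes]
        self.limit = limit
        self.window = window
        self.recent = defaultdict(deque)  # src -> timestamps of accepted packets

    def is_spoofed(self, iface, src):
        addr = ipaddress.ip_address(src)
        internal = any(addr in net for net in self.internal)
        # Internal addresses cannot legitimately arrive from outside, and only
        # internal addresses should leave through the inside interface.
        return internal if iface == "outside" else not internal

    def over_rate(self, src, ts):
        q = self.recent[src]
        while q and ts - q[0] >= self.window:   # slide the window forward
            q.popleft()
        if len(q) >= self.limit:
            return True
        q.append(ts)
        return False

    def decide(self, iface, src, ts):
        """Return 'accept', 'drop:spoofed' or 'drop:rate' for one packet."""
        if self.is_spoofed(iface, src):
            return "drop:spoofed"
        if self.over_rate(src, ts):
            return "drop:rate"
        return "accept"


def run(events, internal_prefixes=("192.0.2.0/24", "10.0.0.0/8"), limit=50):
    """Apply a fresh EdgeFilter to (iface, src, ts) events and count the decisions."""
    f = EdgeFilter(internal_prefixes, limit=limit)
    return Counter(f.decide(iface, src, ts) for iface, src, ts in events)


# Constructed sample events (interface, source address, timestamp); not real traffic.
SAMPLE_EVENTS = [
    ("outside", "203.0.113.5", 0.0),     # ordinary external client: accepted
    ("outside", "192.0.2.10", 0.1),      # reflection-style forgery of our own host: dropped
    ("inside", "203.0.113.99", 0.2),     # internal bot forging an external source: dropped
]
# 60 packets in 0.6 s from one external source: first 50 accepted, the rest rate-limited.
SAMPLE_EVENTS += [("outside", "203.0.113.8", i / 100.0) for i in range(60)]

if __name__ == "__main__":
    for decision, n in sorted(run(SAMPLE_EVENTS).items()):
        print(f"{decision:13s} {n}")
```

The anti-spoofing rule needs no state and stops the forged requests that a reflected attack relies on, but only where it is deployed, which is why it is most effective at the network that originates the traffic rather than at the victim. The rate limit keys on the source address, so against a flood of spoofed sources it spreads the load across many counters and is less effective than against a single aggressive sender; that is the limit the bullet on firewalls refers to.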
Denial of service attacks have grown with the rise of botnets. A denial of service attack may be the work of some crazy individual, but many botnet masters have been arrested and their botnets shut down. Criminals run botnets for monetary gain, and botnets are the known engine behind denial of service attacks. Denial of service is increasingly used in extortion attempts and may soon become more common, with tools widely available on the net.



About 'Anu': My name is 'Anu', also known as 'ANU 007 TIGER'. I'm the administrator of the 'PC Tips by Anu' blog. This blog was opened for sharing content about hacking and cracking.

